Implementing Least Privilege at your Enterprise

Enterprise security involves people, process and technology. The principle of least privilege can and should be applied to all of those areas An expansion of the topic of 'least privilege' has some importance because, those responsible for information security, have had some past difficulty explaining it or gaining acceptance for this important principle. It is often referenced and occasionally supported with a brief definition, but rarely is the principle supported with any significant examples or rationale. It is a principle that touches many aspects of the organization or enterprise, and since it is not really well explained or understood it is difficult to achieve acceptance. This paper will provide some background, offer some rationale to help develop support for it's acceptance, and identify ways it can be implemented at your enterprise.